Canonical Identifiers and Synonyms

28th Feb 2007

Despite it being a best practice, only a handful of OpenID Consumer sites currently support associating multiple OpenID identifiers with a single “account”. This matters because redundancy makes the loss of an identifier less catastrophic. Ideally, all consumer sites would:

Allow users, after successfully signing in with one OpenID identifier, to verify additional identifiers to be attached to the same account. For most purposes, this just involves storing your identifier associations in a separate table keyed on the primary key of your user table.

Provide a “recover account” ability in a similar vein to the “forgot password” procedure in traditional website authentication. This would be done by having the user's email address on file and sending them a reset URL, just as sites currently do for passwords, but then allowing the user to verify a new OpenID identifier rather than specifying a password.
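A sketch of both items using SQLite, added here as an illustration and not taken from any consumer site's code. The table and function names are assumptions, every `ident` passed in is assumed to have already passed OpenID verification, and mailing the reset URL is left to the caller.

```python
import hashlib, secrets, sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE);
CREATE TABLE identifiers (
    identifier TEXT PRIMARY KEY,  -- an identifier maps to at most one account
    user_id INTEGER NOT NULL REFERENCES users(id));
CREATE TABLE recovery_tokens (
    token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires REAL NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _hash(token):
    return hashlib.sha256(token.encode()).hexdigest()

def user_for(db, ident):
    """Sign-in lookup: every attached identifier resolves to the same account."""
    row = db.execute("SELECT user_id FROM identifiers WHERE identifier = ?", (ident,)).fetchone()
    return row[0] if row else None

def attach(db, user_id, ident):
    """Attach an already-verified identifier; False if some account already holds it."""
    with db:
        cur = db.execute("INSERT OR IGNORE INTO identifiers VALUES (?, ?)", (ident, user_id))
    return cur.rowcount == 1

def start_recovery(db, email, now, ttl=3600):
    """Issue the token for the reset URL mailed to the address on file; store only its hash."""
    row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None
    token = secrets.token_urlsafe(32)
    with db:
        db.execute("INSERT INTO recovery_tokens VALUES (?, ?, ?)", (_hash(token), row[0], now + ttl))
    return token

def finish_recovery(db, token, ident, now):
    """Consume the token (it is deleted whether or not it is still valid), then attach."""
    with db:
        row = db.execute("SELECT user_id, expires FROM recovery_tokens WHERE token_hash = ?",
                         (_hash(token),)).fetchone()
        db.execute("DELETE FROM recovery_tokens WHERE token_hash = ?", (_hash(token),))
    if row is None or row[1] < now:
        return False
    return attach(db, row[0], ident)
```

Making the identifier the primary key of the association table means a second account can never claim an identifier that is already attached elsewhere, and storing only the token hash keeps a database leak from yielding usable reset URLs.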

But implementing the above is a chore. You have to develop new UI and new backend code. I doubt we can do much about the new backend code, but it'd be nice if we could somehow define a standard mechanism for doing the first of these in an automated way, so that sites can automatically discover my redundant synonyms. I'm not sure what the solution to the latter is just yet, but I think the former is do-able and well worth the effort.